- Package: src:mbedtls
- Source: src:mbedtls
- Submitter: Naaz, Syeda Shagufta
- Date: 2025-08-25 05:11:01 UTC
- Severity: normal
- Tags:
Hi,

The following vulnerability affects the Bookworm mbedtls package version 2.28.3-1.

CVE-2025-47917: Misleading memory management in mbedtls_x509_string_to_names()

This issue appears to have already been fixed in mbedtls/3.6.4-1, but the Bookworm version is still vulnerable.

Regards,
Syeda Shagufta Naaz
Hi,

I have submitted a patch for the CVE fix for the Bookworm release and would appreciate a review: https://salsa.debian.org/debian-iot-team/mbedtls/-/merge_requests/6

Please let me know if any adjustments are needed.

Thanks in advance!
Syeda Shagufta Naaz